PER-9305-pdp-cicd (#132)

* check1 * pre commit fix * check2 * test * asdasd * check1 * check with other path * checkwith * check with custom * wip1 * check1 * check2 * --optional flag * wip3 * final * pre commit fix * master added for opal repo * check1 * chch * ch1 * ch2 * ch3 * with path fix of permit-opa * final * check2 * try1 * try3 * try4 * try5 * try6 * try7 * try8 * final * fix Dockfile for vanilla * rm opal common * check snyk * wip1 * wip2
permitio · Mar 28, 2024 · 401ad0b · 401ad0b
1 parent 0bc7800
commit 401ad0b
Show file tree

Hide file tree

Showing 3 changed files with 109 additions and 13 deletions.
diff --git a/.github/workflows/pdp_cicd.yml b/.github/workflows/pdp_cicd.yml
@@ -0,0 +1,105 @@
+name: Build and Push PDP Docker Image
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build-and-push-pdp-vanilla:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - name: Pre build - for PDP-Vanilla
+      run: echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version
+
+    - name: Build and push PDP-Vanilla - (official release)
+      if: "!github.event.release.prerelease"
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: .
+        platforms: linux/amd64,linux/arm64
+        tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }}, permitio/pdp-v2-vanilla:latest
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+    - name: Build and push PDP-Vanilla image - (pre-release)
+      if: "github.event.release.prerelease"
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: .
+        platforms: linux/amd64,linux/arm64
+        tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+  build-and-push-pdp:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - uses: actions/checkout@v3
+      with:
+        repository: permitio/permit-opa
+        ref: main
+        path: './permit-opa'
+        token: ${{ secrets.CLONE_REPO_TOKEN }}
+
+    - name: Pre build PDP
+      run: |
+        echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version
+        rm -rf custom
+        mkdir custom
+        build_root="$PWD"
+        cd ./permit-opa
+        find * -name '*go*' -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*'
+
+    - name: Build and push PDP image - (pre-release)
+      if: "github.event.release.prerelease"
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: .
+        platforms: linux/amd64,linux/arm64
+        tags: permitio/pdp-v2:${{ github.event.release.tag_name }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+    - name: Build and push PDP image - (official release)
+      if: "!github.event.release.prerelease"
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: .
+        platforms: linux/amd64,linux/arm64
+        tags: permitio/pdp-v2:${{ github.event.release.tag_name }},permitio/pdp-v2:latest
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
@@ -12,24 +12,12 @@ WORKDIR /app/
 COPY requirements.txt requirements.txt
 RUN pip install --upgrade pip && pip install setuptools -U && pip install --user -r requirements.txt
 
-# Install a custom OPAL, if requested
-COPY custom /custom
-
-RUN if [ -f /custom/custom_opal.tar.gz ]; \
-	then \
-		cd /custom && \
-		tar xzf custom_opal.tar.gz && \
-		pip install --user packages/opal-common packages/opal-client && \
-		cd / && \
-		rm -rf /custom ; \
-	fi
-
 COPY horizon setup.py MANIFEST.in ./
 RUN python setup.py install --user
 
 FROM golang:bullseye as OPABuildStage
 
-COPY custom /custom
+COPY custom* /custom
 
 RUN if [ -f /custom/custom_opa.tar.gz ]; \
     then \

diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,5 @@
 aiohttp>=3.8.1,<4
+cryptography>=42.0.4,<43
 fastapi>=0.78.0,<1
 gunicorn>=20.1.0,<21
 Jinja2>=3.1.2,<4
@@ -10,3 +11,5 @@ uvicorn[standard]>=0.17.6,<1
 logzio-python-handler
 ddtrace
 protobuf>=3.20.2 # not directly required, pinned by Snyk to avoid a vulnerability
+opal-common @ git+https://github.com/permitio/opal.git@master#subdirectory=packages/opal-common
+opal-client @ git+https://github.com/permitio/opal.git@master#subdirectory=packages/opal-client